Access Easy Controller 2 - Bosch Security...

Access Easy Controller 2.1APC-AEC21-UPS1

en Release Note

Access Easy Controller 2.1 1

2018.10 | V2.2.0 Robert Bosch (SEA) Pte Ltd

Table of Contents

1.0 REQUIREMENTS 2

2.0 FIRMWARE REVISION HISTORY 2

2.1 AEC v2.1.7.5 2 2.1.1 Enhancements 2 2.1.2 Items Corrected since 2.1.7.1 2

2.2 AEC v2.1.7.5c 2 2.2.1 Improvements 2 2.2.2 Items Corrected since 2.1.7.5 2

2.3 AEC v2.1.7.10b v1 2 2.3.1 Enhancements 2 2.3.2 Items corrected since v2.1.7.5c 2 2.3.3 2.1.7.10b Known Issues 3

2.4 AEC v2.1.7.10c v1 3 2.4.1 Improvements 3 2.4.2 Items corrected since v2.1.7.10b 3 2.4.3 2.1.7.10c Known Issues 3

2.5 AEC v2.1.8.0 3 2.5.1 Enhancements 3 2.5.2 Items corrected since v2.1.7.10c 3 2.5.3 2.1.8.0 Known issues 4

2.6 AEC v2.1.8.2 4 2.6.1 Enhancements 4 2.6.2 Items corrected since v2.1.8.0 4 2.6.3 2.1.8.2 Known Issues 4



2.9 AEC v2.1.8.5 5 2.9.1 Enhancements 5 2.9.2 Items corrected since v2.1.8.4 5

2.9.3 2.1.8.5 Known Issues 6

2.10 AEC v2.1.9.0 6 2.10.1 Enhancements 6 2.10.2 Items corrected since v2.1.8.5 6


2.12 AEC v2.1.9.2 6

2.13 AEC v2.1.9.3 v3 6 2.13.1 Enhancements 6 2.13.2 Items corrected since v2.1.9.1 7 2.13.3 2.1.9.3 v3 Known Issues 7



1.0 Requirements Table 1: Supporting Literature for AEC 2.1 with Firmware Version 2.1.7.5 and Later Description Part Number

AEC 2.1 Hardware Manual F01U122796

AEC 2.1 Software Manual F01U122797

AEC 2.1 Quick Start Guide F01U117274

AEC 2.1 Utilities Program Manual F01U122798

AEC 2.1 UDS1100 Start Guide F01U168574

2.0 Firmware Revision

History

2.1 AEC v2.1.7.5

2.1.1 Enhancements • The system now distributes memory more

efficiently.

• The system log now includes the AEC 2.1 panel version.

2.1.2 Items Corrected since 2.1.7.1 • The access group report does not display

readers connected to the UDS1100 via LAN or the details from connected elevator doors.

• The available filter/search criteria when running a card report does not return the correct values.

2.2 AEC v2.1.7.5c

2.2.1 Improvements • Addressed an issue in systems running

versions older than v2.1.5.1.

2.2.2 Items Corrected since 2.1.7.5 • After applying an update of v2.1.7.x on

systems older than v2.1.5.1, the UPS1 controller may keep continuously rebooting.

2.3 AEC v2.1.7.10b v1

2.3.1 Enhancements • Added support for IE9 and Mozilla 5

• After successful boot of the UPS1 panel, more RAM is dedicated to running system operations.

• When a card holder is removed from the database, all events related to the card holder name report as question marks (????). Now the user name for deleted card holders is shown.

• Users can now upload more than one type of update file. This allows for separate security updates to be performed.

• Added support for both email user name and password to allow up to 50 characters. Previously only 16 characters were allowed.

• Once logged-in to the AEC web browser, a prompt was added to show the current system and video SDK versions. The user has the choice to either check for the latest available versions or disable the prompt.

• The user now has the ability to edit the web address where needed system updates are stored.

• Prevented alarm events from showing in both the valid and restore transaction tabs. Alarm events are now displayed only in the alarm tab.

• Corrected system memory to free up resources upon a restart of the web browser. This allows the system to preserve card access functionality.

• Added support for Thai language.

2.3.2 Items corrected since v2.1.7.5c • After updating an AEC 2.1 panel with a

corrupted db_tar file, the system database would not function correctly. The system will now return an error before loading a corrupted db_tar file. This will maintain database integrity.

• After loading a 2.1.7.x update on systems running versions older than 2.1.7.x, the first two points will not activate for Arm or Alarm.

• When using the filter group selection located on the activity page, only activity from the first user in the system (user1) would display. This feature now displays all active users.

• When a door was previously configured in an advanced IO page and then was deleted, upon return to the IO page, an error was created followed by configured IO functionality not triggering correctly.

• In exported Card.csv files, user field 2 was formatted in UTF-8 instead of the native format. Now user field 2 matches all other fields.

• The DB backup utility displays the event code for no entry/exit events instead of the event description. This feature now displays the event description.

• AEC would always configure a default start/end date even though the user



attempted to assign a different start/end date.

2.3.3 2.1.7.10b Known Issues • In some Kingston CF cards and after the

first initial boot, web pages may not be accessible after the system has been continuously running for a few hours.

In situations where the IP address was altered after the first initial boot and because this requires a reboot of the system, the Kingston CF card will operate normally.

When adding access credentials to AEC, users that are assigned duplicate card numbers; even though each card has a different site code is not allowed.

2.4 AEC v2.1.7.10c v1

2.4.1 Improvements • Addressed an error created after the first

initial boot of CF cards running v2.1.7.10b. • Some email clients will not display emails in

the correct format if non English characters were used.

2.4.2 Items corrected since v2.1.7.10b • During the initial boot of CF cards running

2.1.7.10b, a time-out error causing the web page to be inaccessible due to the system attempting to write a large amount of data to the CF card. This was corrected to allow initial data to be written to the card upon the first boot of the panel.

• Some email clients such as Microsoft Outlook and Yahoo would not receive emails sent from the AEC panel when formatted using non English characters.

2.4.3 2.1.7.10c Known Issues • Webpage response might be slow at times

due to the system continuously monitoring the web pages.

To correct this issue, the web server will be restarted once a day at 12:30 (am), during which time AEC web pages will be temporarily unavailable for 2 to 4 minutes. Door access will not be affected within this time period.

• When restoring a db_tar file from a backup

of a prior 2.1.7.x version, activity might be prevented from displaying, and program configuration data from connected hardware, such as reader and IO board descriptions from Pre or Post intervals, the snapshot location, the Lantronix IP address and the date format may not display correctly.

• When adding access credentials to AEC, users that are assigned duplicate card numbers; even though each card has a different site code is not allowed.

2.5 AEC v2.1.8.0

2.5.1 Enhancements • Added a backup option to consolidate all log

files into a single .zip file.

• Upon performing a reboot or a system shutdown, the system now displays a reboot message. After 5 minutes, the reboot message will redirect to the login page.

• Allow users to access the Syslog link even when the AEC controller is configured for Master mode. This allows users to access the system logs and rescan connected controller boards.

• System users can now configure the auto logout duration of the web browser for up to 23 hours and 59 minutes. Once expired, the activity page will redirect to the login screen.

For security reasons, the auto logout duration cannot be set to “NO” auto logout.

2.5.2 Items corrected since v2.1.7.10c • After leaving the monitoring web pages

open for an extended amount of time, the system may respond slower than normal and/or may cause the web page to be temporarily unavailable. The system would function normally during this period.

• After an Entry/Exit door was configured, the exit reader would not work as intended.

• In some circumstances, and after a few hundred emails had already been sent, the AEC panel may completely stop sending emails.

• Some email clients were not displaying emails in the correct format when non English characters were used.



• After configuring the auto-logout feature, the system might auto-logout the user after the user attempted to navigate to a different page.

• After configuring an ALLPLEX, Access Easy Master Controller, the feature Momentary Unlock was not working as intended.

• When configuring an activity report to filter based on a door instead of all locations, the report would not display some of the generated exit door events.

2.5.3 2.1.8.0 Known issues • Prior versions of AEC 2.1 v2.1.5.x to 2.1.7.x

cannot be used as an SMS server.

• The sending of SMS messages from the panel may not be displayed correctly if the message contains non-English characters.

This version uses a new Linux kernel v2.6.x, removing the option to upgrade within the web browser. When upgrading prior versions of AEC 2.1.x.x to v2.1.8.0, the compact flash card will need to be replaced with part ASL-AEC21-SWK before the original database can be restored.

When adding access credentials to AEC, users that are assigned duplicate card numbers; even though each card has a different site code is not allowed.

2.6 AEC v2.1.8.2

2.6.1 Enhancements • Added custom SMTP Port and Encryption

parameters for increased security over LAN and WAN networks.

• Added SDK support for developers.

2.6.2 Items corrected since v2.1.8.0 • In certain situations, the Reader and I/O

Boards connected to the serial port would stop communicating thus causing access doors to stop responding.

• Programs and services running in the background would not auto restart.

• Configuring the internet profile for users would stop live video from displaying on the activity page.

• Card search and advance search fails to work correctly when logged into the system as a Japanese or Chinese user.

• The built-in panel clock experiences time drifting if the user performs an improper system shutdown.

• When the system is configured to send email notifications, a test email would fail when sending for the first time.

For connected hardware and software to function correctly, it is advised to perform a proper system shutdown. An abrupt shutdown may cause any of the following to occur: 1. A loss of events 2. A loss of the system configuration 3. Causing software updates to only load partially resulting in unexpected system performance

2.6.3 2.1.8.2 Known Issues • The dual card feature does not work

2.7 AEC v2.1.8.3

2.7.1 Enhancements • This version now supports ActiveX control

for Video SDK 5. Refer to the latest compatibility listing for HD video devices that are supported.

• Only 1 video SDK can be selected at a time. To enable this new feature, the previous check box option was changed to a selection button.

• Activity reports will always be generated for valid data. The system now captures invalid data and stores in the separate log file.

• An additional character between the date and time for the activity and audit log is now removed

2.7.2 Items corrected since v2.1.8.2 • Invalid data would stop the system from

generating an activity report for valid data. Created an exception to allow the system to create an activity report for only valid data thus storing invalid data in a separate log file.



2.7.3 2.1.8.3 Known Issues • The dual card feature does not work as

expected. • The camera icon that enabled video

playback within the activity page by event requires a double click every time the webpage is refreshed. Previous versions only required a single click upon a webpage refresh.

• Internet Explorer may stop responding when attempting to export HD video with cameras that have a 1080P display.

For connected hardware and software to function correctly, it is advised to perform a proper system shutdown. An abrupt shutdown may cause any of the following to occur: 1. A loss of events 2. A loss of the system

configuration 3. Causing software updates

to only load partially resulting in unexpected system performance

2.8 AEC v2.1.8.4

2.8.1 Enhancements • The disk space error happened due to

improper file and memory handling of the elsync program in the backend and this problem happened 2.1.8.0 kernel onwards.

• If the users enter Empty value in the gateway IP address setting then system will try to set the empty value to gateway address which leads to the booting error.

2.8.2 Items corrected since v2.1.8.3 • While AEC (Master) connected to AEMC

and card related database growing exponentially and occupies all available disk space in the system.

• If the user enters the gateway IP Address empty from the UI and reboot the system then system will not able to boot completely.

2.8.3 2.1.8.4 Known Issues • Dual card feature does not work. • Every time a refresh of activity page, the

event with camera icon shown in the activity page requires clicking twice on the camera

icon in order to playback the video. Subsequently it works by single click.

• Intermittently the IE crashes while exporting the video for HD cameras with 1080p display. ie DINON HD1080p D/N camera

It is advised to do a proper reboot/shutdown instead of just doing abrupt power off (Hard Shutdown) and it is also recommended to have a battery backup. Because the hard shutdown might cause loss of some of the data which is saved to the CF, especially the one that is saved to the CF in the last 30 seconds, because OS might not have flushed all the changes to the CF. The few possible scenarios which might happen - 1. Loss of events. 2. Loss of configurations. 3. Partial updates of system

updates

2.9 AEC v2.1.8.5

2.9.1 Enhancements • Updated the boot script if the interface file

corrupted then the default interface file will be used to boot the system and the user will be able to access the panel using the default IP address so the system functionality will no affected.

• Network interface file saving logic updated if the file is corrupted still it will allows the user to update the new interface information.

• Empty and null check added to avoid the crashes.

• ParseInt() by default convert the strings to octal. While converting time string we have to mention radix 10 (Decimal) to solve this issues.

2.9.2 Items corrected since v2.1.8.4 • Whenever the interface file corrupted in the

system due to the file system inconsistency then the system will not able to boot any more.

• If the interface file corrupted then user will not able to update the network interface details of the system.



• If the db_tar.gz contains the sms_server address empty then the network page crashes.

• If the date time value contains value of “08”,”09” then the playback getting failed due to the ParseInt(“08”) result will be 0.

2.9.3 2.1.8.5 Known Issues • Dual card feature does not work. • Every time a refresh of activity page, the

event with camera icon shown in the activity page requires clicking twice on the camera icon in order to playback the video. Subsequently it works by single click.

• Intermittently the IE crashes while exporting the video for HD cameras with 1080p display. ie DINON HD1080p D/N camera

2.10 AEC v2.1.9.0

2.10.1 Enhancements • APB exemption added for the card holders

so the user set the exemption for the card holders.

• Latest video SDK 5.8.1.0019 support added. • Video export mp4 support added. • Bosch Open source software compliance

checked. • Help files updated. • Software manuals updated.

2.10.2 Items corrected since v2.1.8.5 • AEC system failed in DSS audit due to the

high priority vulnerabilities like ShellShock, Heart bleed issues in the Systems.

• AEC system related bugs are reported by customers.

• Video SDK related bugs are reported by the customers.

• Issues related to Latest browsers (Firefox, Google Chrome, Safari and IE) with the latest OS windows 7 and 8.1.

2.11 AEC v2.1.9.1

2.11.1 Enhancements • If the user configured Door with the entry,

exit reader then added this door output in Advance IO configuration and if user try to edit configuration then advance IO page crashes.

2.11.2 Items corrected since v2.1.9.0 • Crash issues fixed by validating the entry

and exit reader values in Advance IO.

2.11.3 2.1.9.1 Known Issues • Playback issues in DIVAR AN 5000/3000 if

client PC enabled the Anti-Virus Software. So user has to disable Antivirus software for the playback.

• Dual card feature does not work. • Every time a refresh of activity page, the


• Intermittently the IE crashes while exporting the video for HD cameras with 1080p display, e.g. DINON HD1080p D/N camera.

It is advised to do a proper reboot/shutdown instead of just doing abrupt power off (Hard Shutdown). It is also recommended to have a battery backup. Because the hard shutdown might cause loss of some of the data which is saved to the CF, especially the one that is saved to the CF in the last 30 seconds, because OS might not have flushed all the changes to the CF. The few possible scenarios which might happen - 1. Loss of events. 2. Loss of configurations. 3. Partial updates of system

updates

2.12 AEC v2.1.9.2

For restricted release only.

2.13 AEC v2.1.9.3 v3

2.13.1 Enhancements • Added provision to use Root CA certificate

feature in AEC and customer able to configure, use their own Root CA certificate.

• AEC 2.1.8.x allows anonymous user to access the resources (Event, Device control and card query services). Issue is fixed in



this version. Resource access available only based on AEC login with Token, Session ID passing mechanism.

• Added support for new Video SDK 6.15.0100.

2.13.2 Items corrected since v2.1.9.1 • The following vulnerabilities are fixed in

this version: a. SSL/TLS: Missing ‘secure’ Cookie

Attribute

b. HTTP Debugging Methods (TRACE/TRACK) Enabled

c. SSL/TLS: Report Vulnerable Cipher Suites for HTTPS

d. Missing ‘httpOnly’ Cookie Attribute e. SSL/TLS: Deprecated SSLv2 and

SSLv3 Protocol Detection f. SSH Weak Encryption Algorithms

Supported g. SSL/TLS: Report Weak Cipher Suites h. SSL/TLS: SSLv3 Protocol CBC Cipher

Suites Information Disclosure Vulnerability (POODLE)

2.13.3 2.1.9.3 v3 Known Issues • Playback issues in DIVAR AN 5000/3000 if

client PC enabled the Anti-Virus Software. So user has to disable Antivirus software for the playback.

• Dual card feature does not work. • Every time a refresh of activity page, the


• Intermittently the IE crashes while exporting the video for HD cameras with 1080p display, e.g. DINON HD1080p D/N camera.

• All the vulnerability scan using OPENVAS vulnerability scanner.

• AEC uses AES256-SHA1 signature algorithm and this will be used for internal purpose. Due to this configuration vulnerability scanner may detect “SSL/TLS: Certificate Signed Using A Weak Signature Algorithm” issue.

Robert Bosch (SEA) Pte Ltd11 Bishan Street 21573943 SingaporeSingaporewww.boschsecurity.com© Robert Bosch (SEA) Pte Ltd, 2018

Bosch Sicherheitssysteme GmbH Robert-Bosch-Ring 585630 GrasbrunnGermanywww.boschsecurity.com© Robert Sicherheitssysteme GmbH, 2018

Access Easy Controller 2 - Bosch Security...

Documents

Transcript of Access Easy Controller 2 - Bosch Security...